Preparing the Annual Internal Scrutiny Summary Report

An annual internal scrutiny summary report is one of the most relied upon governance documents an academy trust produces. It pulls together a year of testing and challenge into a single board level view: how well our controls are working, where the weaknesses sit, and what we are doing about them. When it is written well, trustees can use it to ask sharper questions and make better decisions. When it is written poorly, it becomes a thin narrative that says very little, and sometimes creates awkward gaps when external audit, regulators, or new trustees ask for evidence.

The Academy Trust Handbook is clear on the basic expectation. Trusts must have a programme of internal scrutiny that provides independent assurance, and they must produce an annual summary report for each year ended 31 August. The trust must also submit its internal scrutiny summary report to the Department for Education by 31 December, at the point it submits audited annual accounts. (GOV.UK)

The DfE’s internal scrutiny good practice guide gives helpful detail on what that annual report should contain and how trusts can build a programme that is proportionate, risk led, and credible. (GOV.UK)

This article sets out a practical way to prepare an annual internal scrutiny summary report that trustees will actually use. It focuses on structure, evidence standards, timing, and the language that helps boards understand assurance without drowning them in detail.

Start with the real purpose, not the template

Most trusts do not struggle because they cannot create a document. They struggle because they write the summary report as a record of activity rather than a judgement of assurance. Trustees do not need a list of visits. They need a clear answer to one question:

How much confidence can we take from this year’s internal scrutiny work, and what does it mean for our risk position going into next year?

That is the lens you should use for every paragraph you write. If a section does not help trustees understand assurance, risk, or decision making, it probably belongs in an appendix.

A strong annual internal scrutiny summary report normally does four jobs at once:

• It explains what was covered, and why those areas mattered.
• It summarises what the work found, with themes that help trustees spot patterns.
• It shows what has improved, what remains open, and what is being escalated.
• It sets up next year’s plan so scrutiny is a living programme, not a set of disconnected reviews.

That combination is what turns internal scrutiny into governance intelligence.

Know your external deadlines, then work backwards

The annual report is part of a wider reporting cycle. The Handbook requirement to submit the internal scrutiny summary report by 31 December is not optional. (GOV.UK) The DfE’s academies financial returns guidance also lists an annual internal scrutiny report among the documents due by 31 December 2025 for the 2024 to 2025 accounts cycle, alongside audited accounts and the audit findings report. (GOV.UK)

In practice, that means the quality of your annual report depends heavily on what you do in the autumn term. If you leave follow up testing until late November, you usually end up with a summary report that says “actions are in progress” too many times. That is not fatal, but it weakens trustee confidence and invites avoidable challenge.

If you want a simple planning anchor, the DfE planning calendar for 2025 to 2026 highlights the 31 December submission deadline and makes clear that the internal scrutiny summary report sits alongside the accounts pack. (GOV.UK)

My strong view is that the best annual reports are drafted when there is still time to fix things, not when the submission portal is already open and you are racing the clock.

Gather the evidence set before you write a single line

An annual internal scrutiny summary report is an assurance document. It should be supported by evidence you could hand to a sceptical reader. In most trusts, the evidence already exists, but it lives in different places and formats.

Before drafting, pull together a complete pack that includes:

1. The approved internal scrutiny plan for the year, plus any changes approved in year.
2. Final internal scrutiny reports, including scopes, testing approach, and findings.
3. A recommendation tracker with owners, due dates, current status, and evidence of closure.
4. Follow up testing results where actions have been marked complete.
5. Audit and risk committee papers and minutes that show oversight and challenge.
6. The risk register versions that were live during the year, including any updates triggered by scrutiny findings.

If any of those elements are missing, you can still write the report, but you should be open about limitations. Trustees can handle a constrained evidence base if it is stated clearly, and if there is a plan to close the gap.

One practical point that improves report quality quickly is to separate “status” from “evidence”. A tracker that says “complete” is not evidence. Evidence is a re test result, a control observation, a sample check outcome, or a clear demonstration that the control now operates consistently.

A structure trustees can use quickly

The DfE good practice guide provides a suggested structure for an annual internal scrutiny report and encourages trusts to produce a summary that is useful for governance, not just compliance. (GOV.UK) In my experience, trustees respond best to a report that is short at the front, detailed at the back, and written in plain language.

A practical structure that works across most trusts looks like this:

1. Executive assurance judgement

Keep it short and specific. Avoid broad labels like “satisfactory” without explanation. Use language that links to what was tested and what matters. For example:

• High assurance where controls are well designed and consistently applied across academies.
• Moderate assurance where controls exist but execution is inconsistent, or there are repeat findings.
• Limited assurance where key controls have significant gaps, or high risk actions remain open.

If you use a rating approach, define what it means in your trust context. Trustees should not need to guess whether “moderate assurance” is comfortable or worrying.

2. Coverage delivered versus plan

Trustees should see clearly what you planned, what you delivered, and why any changes were made. The Handbook expects internal scrutiny to be risk based and responsive, so it is normal to adjust scope during the year. (GOV.UK) What matters is that changes are transparent and approved through the audit and risk committee.

3. Thematic findings

This is the heart of the report. Group findings into themes that reflect how the trust operates, for example procurement and contracting, payroll and HR controls, delegated governance, IT access and data, estates compliance oversight, or school level financial controls. The aim is to help trustees spot patterns that cut across individual reviews.

A good thematic section does not repeat every recommendation. It summarises what the pattern tells you about design, consistency, and capacity.

4. Recommendations and follow up position

Trustees want to know what has changed. Include a clear summary of:

• how many recommendations were raised during the year
• how many are complete, in progress, overdue
• how many are high risk and still open
• what has been re tested and what is awaiting re test

If you have not re tested, say so, and explain how you gained confidence that actions have been embedded. In some cases, evidence can be strong without re testing, but it should be justified.

5. Significant unresolved matters and decisions required

This section is often missing, and it is where trustees feel most supported when it is done well. If you have an open high risk action that has slipped twice, trustees need to see it clearly and decide what to do. That might mean bringing forward additional scrutiny work, changing capacity, tightening delegation, or agreeing a risk acceptance position with a time bound plan.

6. Implications for next year’s internal scrutiny plan

Close the loop. The best internal scrutiny programmes feel connected year to year. If you have recurring themes, say so and explain how the next plan will address them.

7. Appendices

Use appendices for the detail trustees may want to check but do not need in the main narrative. A simple table of reviews completed, dates, and headline outcome can sit here, alongside the full action tracker extract.

Linking findings to the risk register in a way that feels natural

The Handbook expects internal scrutiny to be risk based with reference to the risk register. (GOV.UK) That does not mean your report needs to read like a risk register export. It does mean trustees should be able to trace material findings back to the risks they have agreed are most significant.

A practical way to do this, without cluttering the report, is to include a short risk mapping line for each major theme, such as:

• “This theme links to risk R4 (financial control consistency across academies) and risk R9 (procurement compliance and value for money).”

Then, in an appendix, provide a fuller mapping table if trustees want it.

The pay off is worth it. Risk mapping makes committee discussion sharper and reduces the chance that scrutiny drifts into the comfort zone of whatever is easiest to test.

A realistic timeline that protects quality

Trusts often ask when to start drafting. My answer is: start planning early, draft in the summer term, and finalise in the autumn term when follow up evidence is available.

A sensible year end rhythm looks like this:

• Spring term: confirm the remaining reviews needed to complete the plan, and schedule follow up work for any high risk actions that will be marked complete by summer.
• Early summer term: chase management responses, confirm owners and deadlines, and agree what evidence will be needed for closure.
• Late summer term: draft the main narrative while the year is still fresh, and build your thematic findings section.
• Autumn term: update the report with follow up results, present to audit and risk committee for challenge, then finalise for board visibility ahead of submission.

This approach aligns with the broader accounts cycle and the 31 December submission deadline for the internal scrutiny summary report. (GOV.UK)

Quality checks that stop the annual report going soft

Before the audit and risk committee signs off, run a short quality review. You do not need a huge checklist, but you do need discipline.

I recommend five tests:

1. Traceability: can every headline statement be traced to a specific piece of scrutiny evidence?
2. Completeness: have you accounted for all planned work and explained any changes?
3. Consistency: are ratings and language used consistently across themes?
4. Closure integrity: where you say a high risk action is complete, do you have convincing evidence?
5. Decision clarity: can trustees see what decisions, escalations, or risk responses are required?

If you fail one of these tests, do not panic. Tighten the report. A shorter report with strong evidence beats a longer report that drifts into reassurance language.

Where the annual summary fits in trustee accountability

The annual internal scrutiny summary report is not isolated. The Handbook links internal scrutiny to the governance statement and the accounting officer’s statement of regularity, so your annual report is part of the evidence base trustees and senior leaders rely on when signing year end declarations. (Digital Education Resource Archive)

That is why tone matters. You are not trying to impress anyone with volume. You are trying to be clear, balanced, and defensible.

Common pitfalls, and how to avoid them

A few patterns come up repeatedly across trusts.

The first is writing the report as a narrative that has very little data. Trustees should be able to see, quickly, how many high risk issues exist and whether they are moving in the right direction.

The second is treating “closed” as a status rather than an outcome. If you cannot demonstrate that a control now operates as intended, your assurance position remains weaker than the tracker suggests.

The third is ignoring what was not done. If a review was deferred or dropped, say it, explain why, and state what that means for residual risk.

The fourth is burying bad news. Trustees are more likely to support improvement when they can see problems clearly, and early. They are less likely to support improvement when issues appear late and feel surprising.

How internalscrutiny.co.uk can help

At internalscrutiny.co.uk, we help trusts produce annual internal scrutiny summary reports that trustees can rely on. That includes structuring the report around assurance, tightening evidence standards, and shaping the narrative so it supports governance challenge and next year planning.

If you want support with the report itself, or with the programme that feeds it, you can explore our process guidance, our internal scrutiny service, or move straight to implementation planning through Book Audit.

Sources

Checked on 24 February 2026.

DfE, Academy trust handbook 2025: effective from 1 September 2025 (updated 22 October 2025)
https://www.gov.uk/government/publications/academy-trust-handbook/academy-trust-handbook-2025-effective-from-1-september-2025

DfE, Internal scrutiny in academy trusts (good practice guide) (published 14 February 2024)
https://www.gov.uk/government/publications/internal-scrutiny-in-academy-trusts/internal-scrutiny-in-academy-trusts

DfE, Academies financial returns (updated 7 August 2025)
https://www.gov.uk/guidance/academies-financial-returns

DfE, Academies accounts direction and submitting your audited financial statements (last updated 13 October 2025)
https://www.gov.uk/guidance/academies-accounts-direction

DfE, Academies planning calendar 2025 to 2026 (published 25 September 2025)
https://www.gov.uk/government/publications/academies-planning-calendar/academies-planning-calendar-2025-to-2026